CWE-525

Use of Web Browser Cache Containing Sensitive Information

Variant
Incomplete

Description

The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.

Common Consequences

Scope: Confidentiality

Impact: Read Application Data

Potential Mitigations

Architecture and Design

Protect information stored in cache.

Implementation

Use a restrictive caching policy for forms and web pages that potentially contain sensitive information, such as "no-cache" in the Cache-Control header.

Architecture and Design

Do not store unnecessarily sensitive information in the cache.

Architecture and Design

Consider using encryption in the cache.
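An added example, not part of the CWE entry: a checker that classifies how a browser cache may treat a response from its Cache-Control directives (semantics per RFC 9111) and lists sensitive pages that remain reusable from cache. The function names and the sample responses are constructed for illustration.

```python
import re

# Splits on commas that are not inside a quoted-string argument.
_DIRECTIVE = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')

def parse_cache_control(value):
    """Parse a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in _DIRECTIVE.findall(value):
        name, _, arg = part.strip().partition("=")
        if name.strip():
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def classify(headers):
    """Return "not-stored", "revalidate" or "cacheable" for a response.

    headers: list of (name, value) pairs; repeated Cache-Control lines are merged.
    """
    merged = ", ".join(v for k, v in headers if k.lower() == "cache-control")
    cc = parse_cache_control(merged)
    if "no-store" in cc:
        return "not-stored"   # the cache must not keep a copy at all
    # Unqualified no-cache: a copy may be kept but must be revalidated before reuse.
    # no-cache="field" only restricts the listed header fields, so it does not count.
    if "no-cache" in cc and cc["no-cache"] is None:
        return "revalidate"
    if cc.get("max-age") == "0" and "must-revalidate" in cc:
        return "revalidate"
    return "cacheable"        # includes "private": a browser cache is a private cache

def audit(responses):
    """Return paths of sensitive responses the browser may reuse from cache."""
    return [path for path, sensitive, headers in responses
            if sensitive and classify(headers) == "cacheable"]

# Constructed sample responses: (path, holds sensitive data?, response headers)
SAMPLE = [
    ("/login", True, [("Content-Type", "text/html")]),
    ("/account", True, [("Cache-Control", "private, max-age=600")]),
    ("/statement", True, [("Cache-Control", "no-cache"), ("cache-control", "no-store")]),
    ("/profile", True, [("Cache-Control", 'no-cache="Set-Cookie", max-age=60')]),
    ("/transfer", True, [("Cache-Control", "No-Cache")]),
    ("/static/app.css", False, [("Cache-Control", "public, max-age=86400")]),
]

if __name__ == "__main__":
    for path in audit(SAMPLE):
        print("cacheable sensitive response:", path)
```

A "revalidate" result means the browser may still keep a copy on disk; only "no-store" tells the cache not to store the response.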

CVE-2024-30127

Product does not set the "no-cache" option in the HTTP Cache-Control, allowing sensitive information to be cached

CVE-2024-45314

Login form for an application development framework does not set "no-cache" and other options in the HTTP Cache-Control header, allowing sensitive information to be cached

Applicable Platforms

Not Language-Specific
